Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/mhSz-7xkqtBqGwY9ZpEnBezH0dg.roa
File: mhSz-7xkqtBqGwY9ZpEnBezH0dg.roa (raw, json)
Hash identifier: ryuNEQqoa2wr/GjivLBSfyDbsq0lS/zN641+gsrLZNA=
Subject key identifier: 9A:14:B3:FB:BC:64:AA:D0:6A:1B:06:3D:66:91:27:05:EC:C7:D1:D8
Certificate issuer: /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial: 018ADBCC32A5E596BF7CA96D7D10D8885CCC
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/mhSz-7xkqtBqGwY9ZpEnBezH0dg.roa
Signing time: Thu 28 Sep 2023 12:38:27 +0000
ROA not before: Thu 28 Sep 2023 12:38:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 147.136.64.0/19 maxlen: 24
185.226.204.0/22 maxlen: 24
92.50.0.0/18 maxlen: 24
168.199.128.0/17 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:db:cc:32:a5:e5:96:bf:7c:a9:6d:7d:10:d8:88:5c:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
Validity
Not Before: Sep 28 12:38:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9a14b3fbbc64aad06a1b063d66912705ecc7d1d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:aa:86:a8:bc:3b:1a:33:23:47:60:db:c3:a7:
d9:d0:bf:d8:cf:03:2b:f5:a8:a9:f5:e2:27:74:03:
ab:c5:2f:cb:bf:18:14:63:0d:03:d7:3a:95:20:c9:
f4:15:4c:8c:71:4f:21:21:5b:a3:13:6f:21:0d:ba:
73:09:ab:f6:5b:6c:5c:04:83:52:88:98:b9:63:32:
91:79:4a:70:54:11:c0:84:b6:59:43:2e:5e:00:ac:
ff:55:11:89:38:8d:66:9f:17:f5:05:ba:e6:8e:b2:
0f:32:8f:b4:01:44:5a:4b:3c:36:e2:87:f0:ed:cc:
15:5c:30:dc:6f:8c:7c:f6:3b:55:ab:7a:a0:fd:a6:
e7:1d:56:af:e7:fc:5e:eb:8d:c1:91:32:74:b6:7f:
10:8a:98:6a:7f:23:fb:e2:1b:d0:e4:a8:6b:88:81:
70:a9:39:5a:91:b4:1f:16:2e:2a:4c:a6:73:22:b9:
7a:3b:45:58:4a:44:ed:14:d7:c1:24:22:12:18:c9:
fa:a2:c0:a9:9c:7d:74:ad:c9:d6:92:b1:47:1c:aa:
e5:99:f7:1d:a5:65:78:9a:1f:6c:5e:0f:30:4b:fc:
68:87:e6:4c:f7:06:82:f9:97:b8:cc:11:c3:5b:32:
00:de:c0:ec:5c:39:6e:cd:2c:4f:98:9d:1c:07:a0:
46:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:14:B3:FB:BC:64:AA:D0:6A:1B:06:3D:66:91:27:05:EC:C7:D1:D8
X509v3 Authority Key Identifier:
keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/mhSz-7xkqtBqGwY9ZpEnBezH0dg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.50.0.0/18
147.136.64.0/19
168.199.128.0/17
185.226.204.0/22
Signature Algorithm: sha256WithRSAEncryption
01:f9:00:13:b8:2b:68:51:64:5a:eb:0f:a6:3b:c3:93:f7:8c:
8e:dc:e3:5a:0e:64:97:63:22:fa:3d:b0:0a:0e:fa:7e:be:51:
18:72:60:ca:63:f6:c2:95:bc:9f:a4:f3:21:c2:a9:c5:ab:1e:
a2:85:1d:ad:64:c0:e8:0d:c5:8b:73:17:b7:fc:66:aa:cc:61:
c0:60:e9:b9:99:4d:70:ef:58:99:67:f5:48:2b:c0:53:81:df:
e9:f6:13:d9:c4:d7:e0:ae:59:43:cd:1c:61:2e:2b:a9:4d:57:
03:85:4c:95:0f:bd:dd:73:32:7a:06:aa:bd:42:82:a1:4f:09:
6e:be:69:3c:63:a9:45:ab:0d:5c:7f:b4:73:f4:93:95:b0:d0:
9e:bd:be:63:a1:89:4f:37:9c:d4:8d:75:ad:d7:91:72:d1:d2:
14:a5:cd:51:4a:27:9f:4c:51:47:8c:ca:66:10:81:55:a8:76:
2f:e8:8d:c5:6b:96:84:5b:a9:40:7a:b1:73:56:9f:d0:81:92:
14:24:5f:b6:81:8b:5a:09:f4:93:23:20:f6:d4:20:62:97:40:
d5:cb:31:30:c3:15:06:96:b1:c0:03:8e:4b:92:f3:3a:4a:1c:
b6:41:fc:3b:66:4e:aa:ca:32:84:aa:aa:7c:fd:bb:4e:fb:a6:
cc:9f:d5:5f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYrbzDKl5Za/fKltfRDYiFzMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjMwOTI4MTIzODI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTE0YjNmYmJjNjRhYWQwNmExYjA2M2Q2NjkxMjcwNWVjYzdkMWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKqGqLw7GjMjR2Dbw6fZ0L/YzwMr
9aip9eIndAOrxS/LvxgUYw0D1zqVIMn0FUyMcU8hIVujE28hDbpzCav2W2xcBINS
iJi5YzKReUpwVBHAhLZZQy5eAKz/VRGJOI1mnxf1BbrmjrIPMo+0AURaSzw24ofw
7cwVXDDcb4x89jtVq3qg/abnHVav5/xe643BkTJ0tn8QiphqfyP74hvQ5KhriIFw
qTlakbQfFi4qTKZzIrl6O0VYSkTtFNfBJCISGMn6osCpnH10rcnWkrFHHKrlmfcd
pWV4mh9sXg8wS/xoh+ZM9waC+Ze4zBHDWzIA3sDsXDluzSxPmJ0cB6BGzwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJoUs/u8ZKrQahsGPWaRJwXsx9HYMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvbWhTei03eGtxdEJxR3dZOVpwRW5CZXpIMGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQGXDIAAwQF
k4hAAwQHqMeAAwQCueLMMA0GCSqGSIb3DQEBCwUAA4IBAQAB+QATuCtoUWRa6w+m
O8OT94yO3ONaDmSXYyL6PbAKDvp+vlEYcmDKY/bClbyfpPMhwqnFqx6ihR2tZMDo
DcWLcxe3/GaqzGHAYOm5mU1w71iZZ/VIK8BTgd/p9hPZxNfgrllDzRxhLiupTVcD
hUyVD73dczJ6Bqq9QoKhTwluvmk8Y6lFqw1cf7Rz9JOVsNCevb5joYlPN5zUjXWt
15Fy0dIUpc1RSiefTFFHjMpmEIFVqHYv6I3Fa5aEW6lAerFzVp/QgZIUJF+2gYta
CfSTIyD21CBil0DVyzEwwxUGlrHAA45LkvM6Shy2Qfw7Zk6qyjKEqqp8/btO+6bM
n9Vf
-----END CERTIFICATE-----
Generated at Wed Apr 16 07:55:15 2025 by rpki-client